Method and system for securing data utilizing reconfigurable logic

ABSTRACT

A method, an article of manufacture, and a process are provided for securing data sets by dynamically hopping amongst a variety of data encryption and/or manipulation protocols. Such dynamic protocol hopping can be implemented in reconfigurable logic. The encryption protocol applied to the data set is selected from among a plurality of encryption protocols. Preferably, the selection can be driven by a random number generator.

TECHNICAL FIELD OF THE DISCLOSURE

This disclosure pertains to cryptography, and, more particularly, to securing data by utilizing reconfigurable logic.

This disclosure pertains to utilizing reconfigurable logic to secure data while it is in the process of being transmitted between devices and also it pertains to securing data that is contained within a device or subsystem, such as a computing or data processing system, or computer memory or secondary or higher storage.

This disclosure pertains to utilization of reconfigurable logic to allow dynamic reconfiguration of data transmission or manipulation protocols for the purpose of increasing the security or efficiency of the overall process for which the protocol is being applied.

BACKGROUND OF THE DISCLOSURE

Encryption approaches and protocols are continually being compromised as the field of cryptanalysis, and available computing power, advances. And if cryptanalysts overcome an encryption approach, then devices which incorporate that encryption approach in fixed-logic are themselves compromised. The only way to restore security to a compromised fixed-logic device is to replace the device, the cost and inconvenience of which may be substantial.

One potential architectural approach to mitigate the inflexibility of fixed logic is to implement the protocol in software, which would then be run on some type of programmable processor. This option can, and has, been used when the protocol of interest does not have to manipulate data in a high speed manner and the programmable device can be protected such that a copy of the software implementation cannot be compromised by unauthorized physical or virtual access. These very restrictive qualifying requirements remove software implemented security protocols from a large number of market segments.

By contrast, an encryption approach implemented in reconfigurable logic could be modified in response to being compromised, reestablishing security without the costs of replacing compromised fixed-logic encryption devices. Because reconfigurable logic based security algorithms operate at hardware circuit speeds, they can also be used when high processing speed, lower power draw or higher physical security requirements would exclude a software implementation.

Efforts in academic, industrial, military, and other areas to improve encryption have focused disproportionately on fixed-logic designs rather than reconfigurable-logic designs. The bias toward fixed-logic design has been influenced by, among other factors, policies and procedures of the National Security Agency (NSA). The NSA reviews encryption devices for the US government Defense and Intelligence communities and type approves those meeting certain standards. The NSA's traditional policies and procedures have been oriented towards fixed-logic designs primarily because fixed function devices are more easily verified to have no communications or processing channels through which information could be maliciously or inadvertently exposed external to the device. Since NSA type approval is required before a security device can be used by US Defense or Intelligence departments, this has heretofore effectively foreclosed type approval of encryption approaches using reconfigurable logic. Accordingly, serious encryption efforts employing reconfigurable logic for production systems have been uncommon. Likewise software based encryption systems have also heretofore had difficulty in obtaining NSA type certification for higher security purposes.

What is needed is a highly effective encryption approach for securing data which can be modified to overcome advances in cryptanalysis by virtue of being implemented with reconfigurable logic.

The present disclosure teaches methods and systems for securing data utilizing protocol hopping and reconfigurable logic, alone and in combination with other cryptographic methods. One aspect of this teaching provides a method for securing data by dynamically varying the protocols applied to the data at some natural boundary in the case of block oriented data, such as data block, packet, message transition, or at an arbitrary boundary, such as some number of bits in the case of stream data. Examples of the type of protocols which can be varied include, but are not limited to, (a) encryption (b) compression and (c) data rotations, substitutions, or transformations along fixed or varying bit boundaries. The manipulation algorithm applied to the data is selected from among a plurality of such algorithms of that class. For instance, among encryption algorithms the system could apply AES to one body of data, then apply Twofish to another, then Triple DES to another, and so on. Preferably, the varying protocol selection can be driven by a random number generator (RNG). More preferably, the number of random number generator algorithms available can be extended using a “Logic-Stretching” engine, where the output stream of a single RNG can be varied by treatment with logical operators to supply a large number of potential output streams depending upon the selection of logic operators. Alternately, the above described protocol hopping security process can be implemented partially in reconfigurable logic and partially in non-reconfigurable logic.

Another aspect of this teaching provides an apparatus for securing data, including (a) a memory that contains data describing encryption algorithms, (b) a communications interface that is configured to receive data, (c) and a processor that reads from the memory one of the encryption algorithms and encrypts the received data based on the selected encryption algorithm. Preferably, the apparatus also includes a random number generator, and the processor selects the encryption algorithm to utilize based on some portion of the output of the random number generator. Alternately, the memory, random number generator, and processor are implemented partially in reconfigurable logic and partially in non-reconfigurable logic.

Other aspects, objectives and advantages of the invention will become more apparent from the remainder of the detailed description when taken in conjunction with the accompanying drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

For a more complete understanding of the present disclosure, and the advantages thereof, reference is now made to the following brief descriptions taken in conjunction with the accompanying drawings, in which like reference numerals indicate like features.

FIG. 1 is a flowchart representing an encryption method, according to an embodiment of the invention.

FIG. 2 is another flowchart representing an encryption method, according to an embodiment of the invention.

FIG. 3 is yet another flowchart representing an encryption method, according to an embodiment of the invention.

FIG. 4 is a flowchart representing a bit bending portion of the encryption method represented in FIG. 3, according to an embodiment of the invention.

FIG. 5 is a flowchart representing a pad bits portion of the encryption method represented in FIG. 3, according to an embodiment of the invention.

FIG. 6 is a flowchart representing a compression portion of the encryption method represented in FIG. 3, according to an embodiment of the invention.

FIG. 7 is a flowchart representing an encryption portion of the encryption method represented in FIG. 3, according to an embodiment of the invention.

FIG. 8 is a flowchart representing a packet number insertion portion of the encryption method represented in FIG. 3, according to an embodiment of the invention.

FIG. 9 is a flowchart representing a message digest insertion portion of the encryption method represented in FIG. 3, according to an embodiment of the invention.

FIG. 10 is a flowchart representing a decryption method, according to an embodiment of the invention.

FIG. 11 is a flowchart representing a message digest removal portion of the decryption method represented in FIG. 10, according to an embodiment of the invention.

FIG. 12 is a flowchart representing a packet number removal portion of the decryption method represented in FIG. 10, according to an embodiment of the invention.

FIG. 13 is a flowchart representing a decryption portion of the decryption method represented in FIG. 10, according to an embodiment of the invention.

FIG. 14 is a flowchart representing an uncompress portion of the decryption method represented in FIG. 10, according to an embodiment of the invention.

FIG. 15 is a flowchart representing a pad bit removal portion of the decryption method represented in FIG. 10, according to an embodiment of the invention.

FIG. 16 is a flowchart representing a bit bending reversal portion of the decryption method represented in FIG. 10, according to an embodiment of the invention.

FIG. 17 is still another flowchart representing an encryption method, according to an embodiment of the invention.

FIG. 18 is a block diagram representing an encryption device, according to an embodiment of the invention.

FIG. 19 is another block diagram representing an encryption device, according to an embodiment of the invention.

FIG. 20 is yet another block diagram representing an encryption device, according to an embodiment of the invention.

FIG. 21 is a block diagram of a field programmable gate array (FPGA), according to an embodiment of the invention.

DETAILED DESCRIPTION

Simply stated, the purpose of encryption is to replace the task of keeping one thing, or combination of things, secret with the task of keeping some other thing, or combination of other things, secret. Accordingly, a plaintext message is encrypted into a ciphertext message containing the same information as the corresponding plaintext, but formatted so as to be unreadable without a particular key. In other words, ciphertext is a code, and the task of keeping the plaintext message secret is replaced with the task of keeping either the plaintext message or the key secret. Of course, this assumes that the encryption is sufficiently strong to prevent being overcome by cryptanalysis.

Conventionally, it is the key rather than the plaintext that is kept secret. This makes sense because it would presumably require the same amount of effort to keep the ciphertext message secret as it would have taken to keep the plaintext message secret without bothering to encrypt it at all. Common types of keys in cryptography include message key, running key, user key, and alias key. Essentially, a key is used to establish a specific state in a particular cryptographic device. This is easily seen in an example where a component of the cryptographic device is a pseudo-random number generator. In that example, the key operates as a seed which deterministically and predictably causes the pseudo-random number generator to output a specific stream of pseudo-random numbers.

Turning now to the figures, FIG. 1 is a flowchart representing an encryption method, according to an embodiment of the present invention. Plaintext 100 undergoes whitening, bit insertion, and compression 102 (utilizing one or more algorithms from a library of whitening, bit insertion, and compression algorithms 103), data manipulation 104, such as transformation and substitution, (utilizing one or more algorithms from a library of data transformation, substitution, and manipulation algorithms 105) and encryption 106 (utilizing one or more algorithms from a library of encryption algorithms 107), producing ciphertext 108.

Whitening data makes the data appear to a cryptanalyst more like a random bit sequence, without a discernible pattern. Whitening therefore hinders cryptanalysis by reducing or eliminating plaintext-based pattern matching statistical analysis. A rudimentary example is the fact that the letter E appears far more frequently in normal English usage than the letter Z. If left uncorrected, the statistical patterns property of certain data such as text, or message preambles, needlessly increases the likelihood that a cryptanalysis attack will succeed.

Common whiteners include the use of digital filter scramblers, very large block sizes, multiple encryption, Cipher Block Chaining, and Linear Feedback Shift Registers. Scramblers are used to randomize data, reducing the likelihood of outputting long sequences of 1's or 0's. Likewise, employment of very large block sizes would be expected to result in whiter cipher blocks by virtue of the greater volume of plaintext contained in each block. Alternately, multiple encryption results in whiter cipher blocks because each subsequent encryption pass takes as input a cipher block output by the preceding encryption pass, which would be expected to be far whiter than typical plaintext.

Cipher Block Chaining (CBC) is a technique used in applying block ciphers. In CBC processing of data, the current data block is XORed with the preceding data block. Of course, the fact that the first block to be enciphered does not have a preceding data block is a problem that must be dealt with. Typically this is resolved by using an initial value block and treating the initial value block as the preceding block for XORing with the first block. If improperly handled, CBC's first-block problem exposes the approach to a possible man-in-the-middle attack that focuses on the initial value block. One approach to addressing this vulnerability is to utilize a keyed error-corrected code or hash, such as a message authentication code or block authentication code which will indicate if the initial value block has been modified, possibly by a man-in-the-middle. An alternate approach is to encipher the initial value block so that modification by a man-in-the-middle will result in the entire first block being garbled when unencrypted—an indication that the initial value block has been modified.

An XOR mask can be used to easily whiten a block by inverting an expected 50% of the data block's bits. Similarly, a binary invert mask can be expected to invert about 50% of the data's elements. Accordingly, an invert mask can be used to whiten data. An example of a binary invert mask is a block of 0's and 1's which is intended to be invert-combined with the data to be whitened. An invert mask operates in accord with the following table:

Invert Mask Bit    Data Block Bit    Result
0                  0                 0
0                  1                 1
1                  0                 1
1                  1                 0

An XOR mask and an invert mask can be chained to improve the whitening of data. In effect, combining data with an XOR mask followed by an invert mask further complicates the whitening process, thereby hindering subsequent cryptanalysis to some extent. In one embodiment taught by the present disclosure, a substitution box (S-box) is used to communicate an XOR mask and an invert mask during session initialization. Each mask is communicated using 16 bits of a 32-bit word. Each 16-bit word portion corresponds to one in a sequence of masks. In other words, each 16-bit word is a pointer into a table of masks: one table containing XOR masks and the other table containing invert masks.

An S-box can be a single substitution table or a group of substitution tables. S-boxes can be used to affect data balance, avalanche, or nonlinearity characteristics, among others. Improved balance encompasses ciphertext statistical properties wherein the number of 0's is close to the number of 1's. Avalanche is a characteristic wherein a change of a single bit causes a change in the table entry selected. The table-entry change typically causes selection of an entirely different table, which may then be combined with the data block by XOR, invert, or otherwise. As a result, a change in one bit of an input data block will potentially cause changes in a large number, preferably 50%, of bits of the entire output data block. S-boxes can be keyed or not. Substitution examples include simple substitution, homophonic substitution, polyalphabetic substitution, or polygram substitution.

One spectrum useful in understanding encryption approaches is to differentiate between block ciphers and stream ciphers—although there are encryption approaches which share characteristics of each. Block ciphers operate on groups or blocks of bits rather than on one bit at a time. Conversely, stream ciphers generally operate on characters, or bits, one-at-a-time.

Some examples of types of block ciphers include simple substitution, transposition cipher, homophonic substitution, dynamically selectable block size, and dynamically variable size block.

A valuable feature of block ciphers, at least those block ciphers having avalanche properties, is that changing a single bit in a block of plaintext has the potential to change the bits in the corresponding block of ciphertext in widespread and random-like fashion. In the binary case, this typically results in significant whitening of the resulting ciphertext as about half of the ciphertext bits change for any given change or combination of changes in the plaintext block. A similar analysis applies to any case where the character set being used has a size of two. For other-sized character sets, one would expect about 1/N of the ciphertext characters to remain unchanged following any given plaintext change, where N is the number of characters in the character set. For example, if the character set is the 26 capital letters of the English alphabet, then a change in the plaintext block would result in a change to all but 1/26 of the ciphertext characters. In other words, 25/26 of the characters in the ciphertext block would be expected to change. This characteristic of block ciphers is called data diffusion and provides data whitening.

A basic, although not necessarily preferred, block cipher approach is to operate on the message as a single monolithic block. Depending upon available resources, this approach can prove problematic for very large messages. An approach which overcomes the problem of encrypting very large messages while retaining most of the benefit of using a block cipher approach is to partition the message into multiple smaller blocks, which are each enciphered using a block cipher. In devices using the present disclosure, the block cipher employed can be the same across all message blocks or can vary in some manner, possibly even continually changing from one block to the next. Where message blocks have a standard size, the final message block must typically be padded to reach the standard size. Varying block sizes are also possible.

Within most current block encryption protocols, the method of processing one block of input data can optionally be related to the contents of a previously processed block's output. CBC is only one available approach to breaking messages into multiple blocks for enciphering. Other well-known approaches include Electronic Codebook (ECB), Ciphertext Feedback (CFB), and Output Feedback (OFB). These varying approaches are generally referred to as “modes” of an encryption algorithm, and the present disclosure teaches that these modes can also be varied, or “hopped”, to increase the degree of difficulty presented to a cryptanalyst attempting to decrypt a ciphertext.

A Linear Feedback Shift Register (LFSR) is a shift register including one or more XOR feedback taps or connections. LFSRs are typically used to produce a relatively lengthy stream of binary digits or bits. For example, consider an LFSR having space for eight bits and configured so that, upon shifting, the first bit-space is filled with a bit that is the result of XORing the former contents of the last bit-space with the former contents of one of the other seven bit-spaces. If the LFSR is implemented iteratively and does not begin with every bit-space containing a zero, then the values of the bit-spaces will progress through 2^n − 1 combinations, which is only one short of the theoretical maximum number of combinations: 2^n. The operation used to join the feedback connections is commonly XOR, but need not be.
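Added illustration, not part of the disclosure: a Python model of the eight-bit register described above that measures how many states each tap choice actually visits. Tap positions, seeds and function names are assumptions of the example; it goes beyond the text by also testing a four-tap register, because for n = 8 no choice of a single additional tap reaches 2^n − 1 states, so the tap set has to be checked rather than assumed.

```python
N = 8  # register width in bits, as in the example above


def step(state: int, taps: tuple, n: int = N) -> int:
    """Shift once; the first bit-space receives the XOR of the tapped bit-spaces.

    Bit-spaces are numbered 1..n; bit-space n is the last one (shifted out).
    """
    feedback = 0
    for t in taps:
        feedback ^= (state >> (t - 1)) & 1
    return ((state << 1) & ((1 << n) - 1)) | feedback


def period(taps: tuple, seed: int = 1, n: int = N) -> int:
    """Number of shifts before the register returns to its starting contents."""
    if n not in taps:
        # Tapping the last bit-space makes each shift reversible, so every
        # state lies on a cycle and the loop below always terminates.
        raise ValueError("the last bit-space must be one of the taps")
    state, count = step(seed, taps, n), 1
    while state != seed:
        state, count = step(state, taps, n), count + 1
    return count


def two_tap_periods(n: int = N) -> dict:
    """Longest cycle over all non-zero seeds for each 'last XOR one other' choice."""
    return {k: max(period((n, k), seed, n) for seed in range(1, 1 << n))
            for k in range(1, n)}


def output_bits(taps: tuple, seed: int, count: int, n: int = N) -> list:
    """The bits shifted out of the last bit-space, one per shift."""
    bits, state = [], seed
    for _ in range(count):
        bits.append((state >> (n - 1)) & 1)
        state = step(state, taps, n)
    return bits


if __name__ == "__main__":
    print("last XOR one other tap :", two_tap_periods())
    print("taps (8, 6, 5, 4)      :", period((8, 6, 5, 4)))
    print("all-zero seed          :", period((8, 6, 5, 4), seed=0))
    ones = sum(output_bits((8, 6, 5, 4), 1, 255))
    print("ones in one full cycle :", ones, "of 255")
```
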

At the other end of the spectrum from block ciphers are stream ciphers. Rather than processing data block-by-block, stream ciphers process data element-by-element. Conceptually, stream ciphering is simply block ciphering where the block size is only large enough to hold a single data element. In order to be effective, stream ciphers usually retain state information between characters. For example, a stream cipher could encrypt a plaintext stream by generating and concurrently combining a key stream with the plaintext stream on an element-by-element basis. One advantage of stream ciphers is that they do not require an entire block to be accumulated for processing to begin. Additionally, stream ciphers do not need data diffusion as do block ciphers because, unlike block ciphers, stream ciphers lack multiple data components which need protection from cryptanalysis. Some examples of types of stream ciphers include confusion sequence, filter, monoalphabetic, polyalphabetic, dynamic, and iterative.

The exclusive-OR (XOR) function, referenced above and hereafter, is a Boolean logic function commonly used in cryptography. The XOR function operates according to the following table:

Input 1    Input 2    Output
0          0          0
0          1          1
1          0          1
1          1          0

As a practical matter, the XOR function is typically constructed using various combinations of the NOT, AND, and OR logic functions. These logic functions operate according to the following tables:

Input    NOT
0        1
1        0

Input 1    Input 2    AND    OR
0          0          0      0
0          1          0      1
1          0          0      1
1          1          1      1

The XOR function is a linear additive combiner, as is addition, and is therefore reversible. Another class of combiners used in cryptography includes reversible non-linear combiners which include state information and can be keyed, such as a Latin square combiner or Dynamic Substitution combiner.

FIG. 2 is another flowchart representing an encryption method. Plaintext 110 undergoes Data Encryption Standard (DES) encryption 112 in order to whiten the data. The data then undergoes XORing 114 which further whitens the data. The data then undergoes encryption 116 by a randomly selected encryption algorithm using a randomly selected key, producing ciphertext 118. DES encryption is a 64-bit conventional block cipher having a 56-bit key. A more recent conventional block cipher known as the Advanced Encryption Standard (AES) has been developed to replace DES and selected by the National Institute of Standards and Technology (NIST) for U.S. Government use. AES can be implemented using 128, 192 or 256-bit keys.

Random numbers frequently play an important role in cryptography. A random number is one which is unpredictable. Typically, it is preferable not only that the number is unpredictable but that its likelihood of being any particular value is equal to its likelihood of being any other possible value. Ideally, the characteristic of unpredictability means that, at any given time, knowledge of all previous values in the number stream would be of no use in predicting the next number. Devices that produce streams of random numbers, known as random number generators, are in widespread use.

As a practical matter, real-world devices and algorithms typically employ pseudo-random number generators. Such generators typically utilize a seed or initial value to produce a stream of numbers which appear random, but are not physically or “really” random. Physically or really random numbers are nondeterministic and are produced, for example, by radioactive decay, Zener-diode shot noise, or thermal noise. In general, computers are deterministic and are therefore much more able to produce pseudo-random number streams than physically random number streams.

Pseudo-random number streams are deterministic. That is, given the same pseudo-random number generator and the same seed or initial state, the same number stream will be produced. However, a good pseudo-random number stream may well be sufficiently unpredictable for the cryptographic task to which it is put. Furthermore, a pseudo-random number generator may, by its very design, be able to guarantee that its output number stream has desirable statistical characteristics that cannot be guaranteed by a really random number generator. One advantage of a deterministic sequence is that two parties, each in possession of an identical pseudo-random number generator and identical seeds or keys, will be able to generate identical random-appearing yet identified number streams. Post-processing can be used to improve the statistical characteristics of really random number streams, but accompanying trade-offs must often be made.

FIG. 3 is yet another flowchart representing an encryption system called Tactically Unbreakable COMSEC (TUC), which is a trademark of Advanced Communications Concepts, Inc., which applies the teachings contained in the present disclosure to the security of data while it is being transmitted. Such COMmunications SECurity is often referred to as COMSEC. While FIG. 3 depicts an overview of the TUC example, FIGS. 4-9 depict portions of the TUC example in greater detail. Turning to FIG. 3, Internet Protocol (IP) packets 120 undergo packet sizing 122. In the present embodiment, packets are sized at 2048 bits per data block. A bit bending engine 124 manipulates the data block. Pad bits are added 126 to the data block. The data block undergoes compression 128, then encryption 130. Packet numbers are inserted 132 into the data block. A message digest is also inserted 133 into the data block. IP packet information is inserted 134 into the data block. The data block undergoes AES encryption 135. Finally, the data block is formatted for 802.11 transport 136.

Compressing data can not only reduce the size of plaintext prior to enciphering, but also helps remove recurring patterns in the plaintext. Both results potentially improve post-enciphering cryptographic strength, the former by changing the apparent message length and the latter by obscuring patterns in the plaintext. The former benefit can also be obtained where ciphertext is compressed after encryption rather than before. Message length can also be changed by adding pad elements or bits to a message block. The pad elements may be fixed, varying, or even pseudo-random in position or number.

FIG. 4 is a flowchart representing a bit bending portion 124 of the encryption method represented in FIG. 3. The data block undergoes DES encryption 138. The DES encryption provides bit whitening and requires 56 random bits for its key. The data block is XORed 140, using two 32-bit numbers obtained from S-Boxes at session initialization. The data block is inverted 142, per the pattern of an “invert mask” of pseudo-random bits. Subgroups of the data block are rotated 144, rotating bytes based on up to 1024 random bits. Four bits per byte of message length are used. The first bit indicates the direction: left or right. The second, third, and fourth bits indicate rotate length. The data block undergoes byte-for-byte substitution 146 using a 256-byte table. The data block then undergoes a message-length XOR 148, requiring up to 2048 bits for XOR mask selection or creation.

FIG. 5 is a flowchart representing an insert bits portion 126 of the encryption method represented in FIG. 3. The number of insert bits is determined 150 by taking 5 bits of output from a random number generator and adding 32. The next 14 bits are for the address at which to add the pad bit and one bit is used to pad, so the maximum number of bits used is 8+(64*15)=965. Accordingly, pad bits are inserted 152 at appropriate locations in the data block.

FIG. 6 is a flowchart representing a compression portion 128 of the encryption method represented in FIG. 3. A compression algorithm is determined 154 by taking 16 bits of output from a random number generator to select the compression algorithm for use. Additionally, two banks of 32-bit numbers provide the ability to mask data. As a result, determination of the compression algorithm requires the use of 80 random bits. The data block undergoes 156 the selected compression.

FIG. 7 is a flowchart representing an encryption portion 130 of the encryption method represented in FIG. 3. An encryption algorithm is selected 158 by taking 16 bits of output from a random number generator. Two banks of 32-bit words are also used for additional masks. Then up to 2048 random bits form the encryption key. The data block undergoes the selected encryption using the randomly generated key 160.

FIG. 8 is a flowchart representing a packet number insertion portion 132 of the encryption method represented in FIG. 3. A 64-bit packet number is calculated 162. The packet number is encrypted with, in this example, DES encryption using the session-initialization defined key 164. The encrypted packet number is inserted 166 into the packet at an insertion position determined during session initialization.

Session initialization can be performed by the confidential exchange of a secret key out-of-band or a pair of public keys, either in- or out-of-band. In the latter case, a public key infrastructure is relied upon for authentication services to combat the potential for a man-in-the-middle attack. Authentication in this case means that public keys can and should be certified for a public-key encryption system to work properly.

FIG. 9 is a flowchart representing a message digest insertion portion 134 of the encryption method represented in FIG. 3. A message digest is calculated 168 using SHA1, SHA2, or MD5 based on packet size. The message digest is inserted 170 at a location determined during session initialization. Hash functions are primitives used in a variety of cryptographic constructions. Hash functions are designed to be “one-way” and “collision resistant”. A hash function is one-way if it is hard to find the input string x corresponding to the output string h(x). Hash collision occurs when h(x)=h(y) for distinct strings ‘x’ and ‘y’. A meaningful hash collision compromises security.

MD5 and SHA1 are two popular hash-function algorithms that take an arbitrary input string and generate a “fingerprint,” which is intended to be unique. If a hash function is secure, changing a character of the input string results in a different fingerprint. Security applications can then certify, for example, that a software component is safe to execute based on it bearing a known and trusted fingerprint. If the fingerprint is not unique, then potential exists for an attacker to employ a second-pre-image attack, substituting a false fingerprint on malicious code so that the malicious code appears to be safe based on a review of the fingerprint. SHA2 is an improved version of SHA1.

FIG. 10 is a flowchart representing a decryption method. An 802.11 packet is received 180. The packet undergoes AES decryption 182. The packet's message digest 184 and number 186 are removed. The packet is decrypted 188 and uncompressed 190. Pad bits are removed 192 from the packet, and a reverse bit-bending engine then operates on the packet 194. The complete IP packet is then reestablished 196 and sent to an application 198.

FIG. 11 is a flowchart representing a message digest removal portion 184 of the decryption method represented in FIG. 10. The message digest is removed 200. The message digest location within the packet is determined during session initialization. SHA1, SHA2, or MD5 is used depending on the packet length. The message digest is computed 202. If a computed message digest does not match the sent message digest, the message is ignored and failure logged 204.

FIG. 12 is a flowchart representing a packet number removal portion 186 of the decryption method represented in FIG. 10. The packet number is removed 206 from the packet. The packet number is a 64-bit number at a location determined at session initialization. The packet number is unencrypted 208 using DES with a key obtained during session initialization. The packet number is saved 210 and used as a pointer to a random number string for subsequent operations.

FIG. 13 is a flowchart representing a decryption portion 188 of the decryption method represented in FIG. 10. The decryption algorithm and key are determined 212 by taking 16 random bits to select the decryption algorithm corresponding to the earlier-selected encryption algorithm; two banks of 32-bit words are used for additional masks. Then up to 2048 random bits are used for the decryption key. The packet is then decrypted 214 using the selected decryption algorithm with the selected key.
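The receive-side steps of FIGS. 11 to 13 can be sketched as follows; this is an added illustration, not code from the disclosure. The algorithm table, the length thresholds for choosing the digest, the trailing digest position, the modulo mapping of packet number to offset, and the constructed random string are all assumptions, and the packet number is taken as already recovered.

```python
import hashlib
import hmac
import logging

log = logging.getLogger("rx")

# Hypothetical algorithm table; the page does not enumerate its contents.
ALGORITHMS = ["alg-0", "alg-1", "alg-2", "alg-3"]

# Constructed stand-in for the random number string shared at session setup.
RANDOM_STRING = hashlib.shake_256(b"constructed session seed").digest(4096)


def digest_for(body_len):
    """Pick the digest by packet length; these thresholds are assumptions."""
    if body_len < 64:
        return hashlib.md5
    if body_len < 512:
        return hashlib.sha1
    return hashlib.sha256  # a SHA2 variant


def seal(body):
    """Sender side: append the digest (trailing position is an assumption)."""
    return body + digest_for(len(body))(body).digest()


def open_packet(packet):
    """FIG. 11: remove the digest, recompute it, ignore and log on mismatch."""
    for h in (hashlib.md5, hashlib.sha1, hashlib.sha256):
        body_len = len(packet) - h().digest_size
        if body_len < 0 or digest_for(body_len) is not h:
            continue  # this digest is not the one used for this length
        body, sent = packet[:body_len], packet[body_len:]
        if hmac.compare_digest(h(body).digest(), sent):
            return body
    log.warning("message digest mismatch: packet ignored")
    return None


def hop_params(packet_number, random_string=RANDOM_STRING, key_bits=2048):
    """FIG. 12-13: the packet number points into the random string."""
    need = 2 + 4 + 4 + key_bits // 8          # selector, two masks, key
    # Assumption: the pointer is the packet number reduced to a byte offset.
    start = packet_number % (len(random_string) - need)
    chunk = random_string[start:start + need]
    selector = int.from_bytes(chunk[0:2], "big")   # 16 random bits
    mask_a = int.from_bytes(chunk[2:6], "big")     # first 32-bit bank
    mask_b = int.from_bytes(chunk[6:10], "big")    # second 32-bit bank
    key = chunk[10:]                               # up to 2048 key bits
    return ALGORITHMS[selector % len(ALGORITHMS)], mask_a, mask_b, key


if __name__ == "__main__":
    pkt = seal(b"constructed payload " * 5)
    print(open_packet(pkt) is not None, hop_params(42)[0])
```

Both ends derive identical parameters only while they hold the same random string and agree on the packet number, so a desynchronized counter shows up as a decryption failure rather than a digest failure. The digest here is unkeyed, so it detects corruption but relies on the outer AES layer of FIG. 10 for protection against deliberate modification.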

FIG. 14 is a flowchart representing an uncompress portion 190 of the decryption method represented in FIG. 10. A compression algorithm is selected 216 based on 16 bits of output from a random number generator. Two banks of 32-bit numbers provide the ability to mask data. In sum, 80 random bits are utilized in identifying the compression algorithm. The selected compression algorithm is then used to decompress 218 the packet.

FIG. 15 is a flowchart representing a pad bit removal portion 192 of the decryption method represented in FIG. 10. The number of pad bits is determined 220 by taking 8 bits of output from a random number generator, adding 32 to the byte taken. The next 12 bits are used for the address to add the pad bit and one bit is used as the pad. Accordingly, the maximum number of bits used is 8+(64*15)=965. Pad bits are removed 222 from appropriate locations.

FIG. 16 is a flowchart representing a bit bending reversal portion 194 of the decryption method represented in FIG. 10. XOR is performed 224 on the message length, requiring up to 2048 bits. XORing is followed by byte-for-byte substitution 226 using a 256-byte reverse lookup table. A subgroup rotate is performed on the message 228 based on up to 1024 random bits. Message data is inverted 230, requiring up to 2048 random bits. The message data is then XORed 232, using two 32-bit numbers, repeated across the entire message. The message then undergoes DES decryption 234, requiring 56 random bits.

FIG. 17 is still another flowchart representing an encryption method. This encryption method is also an example of Tactically Unbreakable COMSEC (TUC), which is a trademark of Advanced Communications Concepts, Inc. FIG. 17 illustrates an example flow of a TUC data manipulation process. Essentially, a protocol's input bit stream is scrambled by a TUC-enabled transmitter 236 for transmission. Upon receipt of a TUC-scrambled transmission, a TUC-enabled receiver 250 unscrambles the message, recreating the original data stream. In this example, the data stream comprises 802.11 input packets of user data 238. The transmitter 236 operates on the data packet 238 using a bit bending variation engine 240, random pad bit insertion 242, multi-protocol compression engine 244, multi-encryption engine 246, and frequency shifting engine 248. The transmitter 236 then outputs and transmits the secured data 249 to the receiver 250. The secured data 249 benefits from multi-layered security measures, including 3-in-1 encryption, compression, and bit-bending variants. Upon receiving the secured data 249, the receiver 250 operates on the secured data 249 using a frequency de-shifting engine 252, multi-decryption engine 254, multi-protocol decompression engine 256, random pad bit removal 258, and bit de-bending variation engine 260, producing an 802.11 output packet of user data 262 identical to the 802.11 input packet of user data 238.

FIG. 18 is a block diagram representing an encryption device 266 for securing data. The encryption device 266 includes a memory 268 that contains data describing encryption algorithms and a communications interface 270 that is configured to receive data 272. The device 266 also includes a processor 274 that reads from the memory 268 one of the encryption algorithms and encrypts the received data 272 based on the encryption algorithm. The memory 268, processor 274, or both are at least partially implemented in reconfigurable logic.

In the context of this document, “reconfigurable logic” shall be defined as any logic device which can be configured by an external information stream so that its hardware circuitry operation changes in response to such external direction. Such logic device could be implemented to operate on any physical property or combination of properties, such as electronic, photonic, thermal, electromagnetic wave propagation, materials' quantum or mechanical characteristics, whether implemented by macro, micro or nano scale processes.

In the context of this document, “dynamic reconfiguration” shall include any process by which the contents of a reconfigurable logic device change in response to outside direction, or the nature of its input data, during the operational cycle of the device. This is contrasted with the current norm in the use of reconfigurable logic in which the device is programmed at power up, or device restart, and then executes its initially loaded logic until the next occurrence of a device restart or power cycle. Such dynamic reconfiguration can include all or a portion of the reconfigurable logic device's circuitry.

Examples of current reconfigurable logic families include, but are not limited to, programmable logic device (PLD), complex programmable logic device (CPLD), field programmable gate array (FPGA), some hardware implementations of neural nets and fuzzy logic, and several optical and nanotechnology based devices.

PLDs each include a plurality of fully connected macrocells, each of which typically contains a small Boolean logic function. By comparison, CPLDs each typically consist essentially of a plurality of PLDs connected together with, for example, a switch matrix. The relatively inflexible switch-matrix interconnectivity causes signal delay to be relatively predictable. As a result, CPLDs are typically selected for use in applications that require high-performance logic.

FPGAs are specially made digital semiconductor devices often used for prototyping and to accommodate “time-to-market” product designs. The integrated-circuit fabrication technology creates pre-fabricated circuit modules that are electrically configurable by the user to meet specific design requirements on a chip-by-chip basis. Users are able to program electrical FPGA connections to adapt the chip to a specific application, thereby avoiding the need to create a non-configurable chip, such as an application-specific integrated circuit (ASIC). ASICs and other non-configurable chips must ordinarily be produced in very large quantities to make production economically feasible.

Although described with particular reference to a method and system for securing data utilizing FPGA based reconfigurable logic, the claimed subject matter can be implemented in any information technology (IT) or communications system in which securing data utilizing any class of reconfigurable logic is desirable. Those with skill in the pertinent arts will recognize that the disclosed embodiments have relevance to a wide variety of computing and communications environments in addition to those described in this disclosure. In addition, unless otherwise specified or clearly apparent by context, the methods of the disclosed invention can be implemented in software, hardware, or a combination of software and hardware. For example, the hardware portion can be implemented using specialized logic; by way of further example, the software portion can be stored in a memory and executed by a suitable instruction execution system such as a microprocessor, personal computer (PC), or mainframe.

In the context of this document, a “computer-readable medium” can be any means that contains, stores, communicates, propagates, or transports a program and/or data for use by or in conjunction with an instruction execution system, apparatus, or device. In the context of this document, a “memory” is a type of computer-readable medium, and can be, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device. Memory also includes, but is not limited to, for example, the following: a portable computer diskette, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), and a portable compact disk read-only memory. In the context of this document, a “signal” is a type of computer-readable medium, and can be, but is not limited to, an electrical, optical, or acoustical signal, signals embodied in a carrier wave or directly transmitted, or any other manufactured transient phenomenon in which a program and/or data can be encoded.

FIG. 19 is a block diagram that represents a variation of the encryption device 266. This variation of the encryption device 266 includes a random number generator 276. The processor 274 selects the encryption algorithm to read from the memory 268 based on the output of the random number generator 276.

FIG. 20 is a block diagram that represents another variation of the encryption device 266. In this variation of the encryption device 266, the memory 268 is implemented partially in reconfigurable logic (RCL) 278 and partially in non-reconfigurable logic (NRCL) 280. In other variations, other portions or combinations of portions of the device 266 are implemented in non-reconfigurable logic (NRCL).

FIG. 21 is a block diagram of an FPGA 282. The FPGA 282 includes a plurality of logic blocks 284. I/O blocks 286 regulate signal inputs to and outputs from the FPGA, while programmable interconnects 288 define the functional relationships between the logic blocks.

Compatibility of encryption devices is a major issue. One approach to achieving compatibility has been to equip communicants with identical encrypted-communications devices for the encryption and decryption of messages. Unfortunately, this approach is often infeasible.

For example, where newer encryption-communications devices must communicate with older encryption-communications devices, the newer devices must be legacy-compatible with the older devices. Likewise, communicants belonging to different groups within a single organization may require different encryption-communication devices which must be encrypted-communications compatible. For example, it might be the case that one group needs the particular features of one device, such as longer battery life, while the other group needs the particular features of the other device, such as brighter display capabilities.

As another example, communicants belonging to different organizations and having different encryption-communications devices can require, temporarily or permanently, encryption-communications compatibility. For example, communicants of a United Kingdom organization could need encryption-communications compatibility with a United States organization in order to carry out a joint project.

Forward compatibility of encryption-communications devices can also add substantially to the value of such devices under myriad circumstances due to the expectancy of longer useful device life.

Each of these compatibility issues can be resolved by utilizing reconfigurable logic in encrypted-communication devices to enable the convenient and inexpensive importation of old, different, or new encryption protocols. Such protocols would be selected and imported based on the protocols necessary to enable encrypted-communications compatibility between the devices. It is sufficient for one of the devices to utilize reconfigurable logic as that would enable the reconfigurable device to be made compatible with the other device.

In one embodiment, a first device includes reconfigurable logic and is adapted to process data based on the reconfigurable logic and communicate with the second device. One or more encryption protocols necessary for encrypted-communications compatibility with the second device are stored in the reconfigurable logic of the first device. As a result, encrypted-communications compatibility of the first device with the second device is achieved. For convenience, a set of such encryption protocols, necessary to achieve compatibility with the second device, could be bundled together as one or more libraries of encryption protocols.

All references, including publications, patent applications, and patents, cited herein are hereby incorporated by reference to the same extent as if each reference were individually and specifically indicated to be incorporated by reference and were set forth in its entirety herein.

The term “encryption protocols,” as used herein, includes encryption algorithms, compression algorithms, whitening algorithms, data manipulation algorithms, and modes. A mode is a process wrapped around what an encryption or other engine does. For example, a mode could control what key is passed to an encryption engine. A mode could also or alternately control which portion of the available data is passed to an encryption engine. Similarly, a mode can determine what portion, if any, of data output from an engine is utilized further and in what manner.

The use of the terms “a” and “an” and “the” and similar referents in the context of describing embodiments of the invention (especially in the context of the following claims) are to be construed to cover both the singular and the plural, unless otherwise indicated herein or clearly contradicted by context. The terms “comprising,” “having,” “including,” and “containing” are to be construed as open-ended terms (i.e., meaning “including, but not limited to,”) unless otherwise noted. Recitation of ranges of values herein are merely intended to serve as a shorthand method of referring individually to each separate value falling within the range, unless otherwise indicated herein, and each separate value is incorporated into the specification as if it were individually recited herein. All methods described herein can be performed in any suitable order unless otherwise indicated herein or otherwise clearly contradicted by context. The use of any and all examples, or exemplary language (e.g., “such as”) provided herein, is intended merely to better illuminate embodiments of the invention and does not pose a limitation on the scope of the invention unless otherwise claimed. No language in the specification should be construed as indicating any non-claimed element as essential to the practice of the invention.

Preferred embodiments of this invention are described herein, including the best mode known to the inventors for carrying out the invention with current commercially available technology. Variations of those preferred embodiments may become apparent to those of ordinary skill in the art upon reading the foregoing description. The inventors expect skilled artisans to employ such variations as appropriate, and the inventors intend for the invention to be practiced otherwise than as specifically described herein. For example, multiple coordinated processors can be substituted to perform the task assigned herein to a single processor. As another example, where one or more steps in a process is described herein, multiple rounds of the step or combination of steps can be performed. As yet another example, where a process or device refers to an “encryption protocol” or the like, it is contemplated that other protocols that tend to change the character or format of data could be used as “encryption protocols” even though known in the industry under other terminology; for example, compression protocols or parameter variation protocols could be included within the scope of the term “encryption protocol,” as used hereunder. Accordingly, this invention includes all modifications and equivalents of the subject matter recited in the claims appended hereto as permitted by applicable law. Moreover, any combination of the above-described elements in all possible variations thereof is encompassed by the invention unless otherwise indicated herein or otherwise clearly contradicted by context.

1. An article of manufacture for securing data based on protocol hopping and utilizing reconfigurable logic, comprising: a computer-readable storage medium adapted to store a plurality of encryption protocols and the reconfigurable logic, wherein the reconfigurable logic is adapted to: select an encryption protocol from the plurality of encryption protocols, the selected encryption protocol selected using a random number generator seeded via a security characteristic of one or more hardware devices associated with the article of manufacture; encrypt the data based on the selected encryption protocol; and repeat the selecting and encrypting steps to encrypt a plurality of data.
 2. The article of claim 1, wherein the medium is a memory.
 3. (canceled)
 4. The article of claim 1, wherein each of the plurality of encryption protocols is selected from the group consisting of encryption algorithms, compression algorithms, whitening algorithms, data manipulation algorithms, and modes.
 5. (canceled)
 6. (canceled)
 7. (canceled)
 8. (canceled)
 9. (canceled)
 10. (canceled)
 11. (canceled)
 12. (canceled)
 13. (canceled)
 14. (canceled)
 15. (canceled)
 16. (canceled)
 17. (canceled)
 18. (canceled)
 19. (canceled)
 20. (canceled)
 21. (canceled)
 22. (canceled)
 23. An apparatus for securing data based on protocol hopping and utilizing reconfigurable logic driven by a random number generator, comprising: a memory containing data describing a plurality of encryption algorithms therein; a communications interface configured to receive data; a random number generator; a processor adapted to read from the memory one of the plurality of encryption algorithms, selected based on output of the random number generator; wherein at least a portion of the logic defining the memory, the random number generator, and the processor is reconfigurable; wherein the processor is also configured to encrypt the received data block based on the encryption algorithm read from the memory.
 24. The apparatus of claim 23, wherein the random number generator comprises a pseudo random number generator.
 25. (canceled)
 26. (canceled)
 27. (canceled)
 28. (canceled)
 29. (canceled)
 30. (canceled)
 31. (canceled)
 32. (canceled)
 33. (canceled)
 34. (canceled)
 35. (canceled)
 36. A method for achieving encrypted-communications compatibility of a first device with a second device, wherein the first device includes reconfigurable logic and is adapted to: process data based on the reconfigurable logic and communicate with the second device; wherein the method comprises: storing, in the reconfigurable logic of the first device, one or more encryption protocols necessary for encrypted-communications compatibility with the second device, whereby encrypted-communications compatibility of the first device with the second device is achieved.
 37. The method of claim 36, wherein design of the second device predates design of the first device, whereby the encrypted-communications compatibility comprises legacy compatibility.
 38. The method of claim 36, wherein the first device and the second device are in use by a legal entity, whereby the encrypted-communications compatibility comprises cross-compatibility.
 39. The method of claim 36, wherein the first device is in use by one legal entity and the second device is in use by a different legal entity, whereby the encrypted communications compatibility comprises interoperability.
 40. The method of claim 36, wherein design of the first device predates design of the second device, whereby the encrypted-communications compatibility comprises forward compatibility.
 41. The method of claim 36, wherein each of the one or more encryption protocols is selected from the group consisting of encryption algorithms, compression algorithms, whitening algorithms, data manipulation algorithms, and modes.
 42. The method of claim 36, wherein each of the one or more encryption protocols comprises an encryption algorithm.
 43. The method of claim 36, wherein each of the one or more encryption protocols comprises a compression algorithm.
 44. (canceled)
 45. (canceled)
 46. (canceled) 